WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.9 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated (Author+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Content Blocks Custom Post Widget versions <= 3.3.9...
WordPress Categories Images plugin <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Categories Images versions <= 3.3.1...
WordPress Page Builder Gutenberg Blocks – CoBlocks plugin <= 3.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Fernando Mecozzi in WordPress Plugin CoBlocks versions <= 3.1.16...
WordPress WpStream plugin < 4.11.2 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Muhammad Sharief in WordPress Plugin WpStream versions < 4.11.2...
WordPress Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification vulnerability
WordPress Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification vulnerability discovered by Prickly Cactus in WordPress Plugin FluentForm...
WordPress Unlimited Elements For Elementor plugin <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal in Repeater JSON/CSV URL with Path Traversal vulnerability
Authenticated (Contributor+) Arbitrary File Read via Path Traversal in Repeater JSON/CSV URL with Path Traversal vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions <= 2.0.6...
WordPress wpForo Forum plugin <= 2.4.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter vulnerability discovered by Jared Reyes in WordPress Plugin wpForo Forum versions <= 2.4.16...
WordPress WP Statistics plugin <= 14.16.4 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Audit Manipulation vulnerability
Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Audit Manipulation vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin WP Statistics versions <= 14.16.4...
WordPress WP Statistics plugin <= 14.16.4 - Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter vulnerability discovered by daroo in WordPress Plugin WP Statistics versions <= 14.16.4...
WordPress MasterStudy LMS plugin <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters vulnerability
Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin MasterStudy LMS versions <= 3.7.25...
WordPress DirectoryPress - Business Directory And Classified Ad Listing plugin <= 3.6.26 - Unauthenticated SQL Injection via 'packages' vulnerability
WordPress DirectoryPress - Business Directory And Classified Ad Listing plugin <= 3.6.26 - Unauthenticated SQL Injection via 'packages' vulnerability discovered by Leonid Semenenko lsemenenko in WordPress Plugin DirectoryPress versions <= 3.6.26...
WordPress WowShipping Pro plugin < 1.0.8 - Backdoor vulnerability
Backdoor vulnerability discovered by ? in WordPress Plugin WowShipping Pro versions < 1.0.8...
WordPress CMS für Motorrad Werkstätten plugin <= 1.0.0 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Régis SENET - ORHUS in WordPress Plugin CMS für Motorrad Werkstätten versions <= 1.0.0...
WordPress Canto plugin <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Setting Modification vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Setting Modification vulnerability discovered by Legion Hunter in WordPress Plugin Canto versions <= 3.1.1...
WordPress Quiz and Survey Master (QSM) plugin <= 11.1.0 - Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields vulnerability
Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Quiz And Survey Master versions <= 10.1.0...
WordPress JetBackup plugin <= 3.1.19.8 - Authenticated (Administrator+) Arbitrary Directory Deletion via Path Traversal in 'fileName' Parameter vulnerability
Authenticated (Administrator+) Arbitrary Directory Deletion via Path Traversal in 'fileName' Parameter vulnerability discovered by lucsob in WordPress Plugin Backup Guard versions <= 3.1.19.8...
WordPress LatePoint plugin <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability
Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability discovered by darkmode in WordPress Plugin LatePoint versions <= 5.3.2...
WordPress Tutor LMS plugin <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter vulnerability
Authenticated (Admin+) SQL Injection via 'date' Parameter vulnerability discovered by PRISM in WordPress Plugin Tutor LMS versions <= 3.9.8...
WordPress Tutor LMS plugin <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order vulnerability
Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order vulnerability discovered by momopon1415 in WordPress Plugin Tutor LMS versions <= 3.9.8...
WordPress Kubio AI Page Builder plugin <= 2.7.2 - Missing Authorization to Authenticated (Contributor+) Limited File Upload via Kubio Block Attributes vulnerability
Missing Authorization to Authenticated (Contributor+) Limited File Upload via Kubio Block Attributes vulnerability discovered by oolongeya - Dreamhack in WordPress Plugin Kubio AI Page Builder versions <= 2.7.2...
WordPress Form Maker by 10Web plugin <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter vulnerability
Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter vulnerability discovered by Sein Linn in WordPress Plugin Form Maker by 10Web versions <= 1.15.40...
WordPress Royal Addons for Elementor plugin <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via Instagram Feed Widget vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Instagram Feed Widget vulnerability discovered by Caspian in WordPress Plugin Royal Elementor Addons versions <= 1.7.1056...
WordPress OneSignal - Web Push Notifications plugin <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Post Meta Deletion via 'post_id' vulnerability
WordPress OneSignal - Web Push Notifications plugin <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Post Meta Deletion via 'post_id' vulnerability discovered by Muhammad Sharief in WordPress Plugin OneSignal – Web Push Notifications versions <= 3.8.0...
WordPress Better Find and Replace - AI-Powered Suggestions plugin <= 1.7.9 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Title vulnerability
WordPress Better Find and Replace - AI-Powered Suggestions plugin <= 1.7.9 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Title vulnerability discovered by kai63001 in WordPress Plugin Better Find and Replace versions <= 1.7.9...
WordPress WPZOOM Addons for Elementor plugin <= 1.3.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WPZOOM Addons for Elementor versions <= 1.3.4...
WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Redsys for WooCommerce Light versions <= 7.0.0...
WordPress LuxeDrive theme <= 1.4 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme LuxeDrive versions <= 1.4...
WordPress Eldon theme <= 1.4.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Eldon versions <= 1.4.1...
WordPress Laurits theme <= 1.5.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Laurits versions <= 1.5.1...
WordPress Reina theme <= 2.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Reina versions <= 2.1...
WordPress ShiftUp theme <= 1.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme ShiftUp versions <= 1.3...
WordPress MagOne theme <= 9.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme MagOne versions <= 9.0...
WordPress Social Slider Feed plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Social Slider Feed versions <= 2.3.2...
WordPress HAPPY plugin <= 1.0.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin HAPPY versions <= 1.0.10...
WordPress Shipment Tracker for Woocommerce plugin <= 1.5.3.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Shipment Tracker for Woocommerce versions <= 1.5.3.2...
WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Abu Hurayra in WordPress Plugin B Blocks versions <= 2.0.31...
WordPress Ultra Addons for WPForms plugin <= 1.0.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by CidKagenouSama in WordPress Plugin Ultra Addons for WPForms versions <= 1.0.11...
WordPress Events Calendar for GeoDirectory plugin <= 2.3.25 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by daroo in WordPress Plugin Events Calendar for GeoDirectory versions <= 2.3.25...
WordPress Academy LMS Pro plugin < 3.5.2 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by luc in WordPress Plugin Academy LMS Pro versions < 3.5.2...
WordPress Groundhogg plugin <= 4.4 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin Groundhogg versions <= 4.4...
WordPress Client Portal (Pro) plugin <= 5.6.2 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Client Portal Pro versions <= 5.6.2...
WordPress Royal Elementor Addons Pro plugin < 1.7.1041 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by mcdruid in WordPress Plugin Royal Elementor Addons Pro versions < 1.7.1041...
WordPress ChapterOne theme <= 1.7 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme ChapterOne versions <= 1.7...
WordPress User Registration Stripe plugin <= 1.3.14 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin User Registration Stripe versions <= 1.3.14...
WordPress WooCommerce Product Filters plugin < 2.0.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin WooCommerce Product Filters versions < 2.0.6...
WordPress Prismatic plugin <= 3.7.3 - Unauthenticated Stored Cross-Site Scripting via 'prismatic_encoded' Pseudo-Shortcode vulnerability
Unauthenticated Stored Cross-Site Scripting via 'prismatic_encoded' Pseudo-Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Prismatic versions <= 3.7.3...
WordPress Livemesh Addons by Elementor plugin <= 9.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via Plugin Settings vulnerability
Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh Addons for Elementor versions <= 9.0...
WordPress Customer Reviews for WooCommerce plugin <= 5.101.0 - Reflected Cross-Site Scripting via 'crsearch' vulnerability
Reflected Cross-Site Scripting via 'crsearch' vulnerability discovered by WordFence in WordPress Plugin Customer Reviews for WooCommerce versions <= 5.101.0...
WordPress Product Pricing Table by WooBeWoo plugin <= 1.1.0 - Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion vulnerability
Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Product Pricing Table by WooBeWoo versions <= 1.1.0...
WordPress WP Docs plugin <= 2.2.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'wpdocs_options[icon_size]' vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting via 'wpdocs_options[icon_size]' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP Docs versions <= 2.2.9...